
Woburn, MA – February 6, 2020 – In an effort to better understand how cybercriminals are trying to capitalize on public interest in high-profile movies, Kaspersky researchers studied malware being shared under the guise of this year’s award-nominated films. They found more than 20 phishing websites and 925 malicious files that were presented as free movies, only to attack the user.  

The uncovered phishing websites and Twitter accounts gather users’ data and prompt them to carry out a variety of tasks in order to gain access to the desired film. These can vary from taking a survey and sharing personal details, to installing adware or even giving up credit card details. Needless to say, at the end of the process, the user does not get the content.

The titles of the best picture nominees analyzed by Kaspersky researchers:

  • Ford v Ferrari
  • Jojo Rabbit
  • Little Women
  • Marriage Story
  • Once Upon a Time in Hollywood
  • The Irishman


An example of a phishing website gathering credit card details

Through the research, Kaspersky discovered that in order to promote their fraudulent websites, cybercriminals also set up Twitter accounts, where they distribute links to the content.


An example of a Twitter account promoting a phishing website

Malicious files spread on the internet under the guise of copies of nominated films also provide an indication of the levels of interest toward the nominees. Kaspersky researchers compared malicious activity under the name of nominated films during the first four weeks after the public premiere of the film. They found that “Joker” was the most popular film among cybercriminals with 304 malicious files named after the Gotham villain. “1917” was second in this rating with 215 malicious files, and “The Irishman” was third with 179 files. Korean film “Parasite” did not have any malicious activity associated with it.


The number of malicious files detected by Kaspersky products under the guise of nominated films

Kaspersky also looked into whether there was a significant increase in malicious files just after the public release of the film. The research revealed that most malicious files appeared during the third or fourth week after the theatrical release of the film, although some were distributed even before the premiere.


The number of detections of malicious files by Kaspersky products

Kaspersky experts also analyzed whether the availability of a film on a streaming platform influences the likelihood of users searching for an illegal copy of it on the web. They compared malicious activity after the initial limited cinema release and after the actual release on the Netflix streaming platform.

In the case of “Marriage Story,” no malware was found at or after the initial release of the film in cinemas. However, cybercriminals started using the movie title after its release on Netflix, reflecting the interest that grew toward the film. In the case of “The Irishman,” even though fewer users were engaged in finding a copy of the movie on the internet, they were more determined to do so. The number of detections following the initial limited release of the film on screen was higher than after its release on Netflix.

“Cybercriminals aren’t exactly tied to the dates of film premieres, as they are not really distributing any content except for malicious data,” said Anton Ivanov, Kaspersky malware analyst. “However, as they always prey on something when it becomes a hot trend, they depend on users’ demand and actual file availability. To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats.”

To avoid falling victim to malicious programs pretending to be popular films or TV shows, Kaspersky recommends taking the following steps:

  • Pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources
  • Don’t click on suspicious links, such as those promising an early view of a new film; check movie release dates in theaters and keep track of them
  • Look at the downloaded file extension. Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension, or other video formats; definitely not .exe
  • Check the website’s authenticity. Do not visit websites allowing you to watch a movie until you are sure that they are legitimate and start with https. Confirm that the website is genuine, by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domain’s registration data before starting downloads
  • Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats
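The file-extension advice above can be automated as a pre-open check. The following is an added example, not Kaspersky code: it flags executable and decoy double extensions and goes one step beyond the advice by comparing the file's leading bytes against well-known format signatures. The function names, the executable-extension set and the sample inputs are assumptions constructed for illustration.

```python
import os

# Video extensions are the ones the page lists; the executable set is an
# assumption added for this example (the page names only .exe).
VIDEO_EXTS = {".avi", ".mkv", ".mp4"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs", ".lnk"}

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("Joker.2019.1080p.mp4.exe", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"),
    ("film.mp4", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"),
    ("film.mp4", b"\x00\x00\x00\x18ftypmp42"),
]


def sniff(header):
    """Classify a file by well-known signatures in its leading bytes."""
    if header[:2] == b"MZ":
        return "windows-executable"
    if header[:4] == b"\x1a\x45\xdf\xa3":  # EBML header used by Matroska
        return "mkv"
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[4:8] == b"ftyp":  # ISO base media file format box
        return "mp4"
    return "unknown"


def triage(filename, header):
    """Return reasons a download claiming to be a film should not be opened."""
    findings = []
    exts = ["." + p.lower() for p in os.path.basename(filename).split(".")[1:]]
    final = exts[-1] if exts else ""
    kind = sniff(header)
    if final in EXECUTABLE_EXTS:
        findings.append("executable extension " + final)
        if any(e in VIDEO_EXTS for e in exts[:-1]):
            findings.append("video extension used as a decoy before the real one")
    elif final not in VIDEO_EXTS:
        findings.append("not a listed video extension: " + (final or "(none)"))
    if kind == "windows-executable":
        findings.append("content starts with MZ (Windows executable)")
    elif final in VIDEO_EXTS and kind != final[1:]:
        findings.append("content signature (%s) does not match %s" % (kind, final))
    return findings


if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", triage(name, head) or "no findings")
```

An empty result means only that the name and signature are consistent with a video file; it does not show the file is safe to open.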

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Kaspersky discovers movie malware disguised as best picture nominees

Analysis finds ‘Joker’ is the most abused movie of the year